Indeed definitely an expert opinion there but what he said goes against what we believe which is why weâve inquired.
1 Like
There is no question whether Gene Hoffman is correct. In any secure blockchain the private key is required to sign a winning block. The only question is whether the pool is signing the block or whether the user is signing locally.
I donât want to go to your discord to confirm or deny a basic question. You are the representative of Flexpool here at the Chia forum. Please get us an exact and definitive answer.
I will use no pool that cannot confirm to me that I sign winning blocks locally. If a pool can sign my winning blocks for me then my security is at huge risk.
Iâve been with flexpool for about a month now, coming from Spacepool. I like it so far and I AM seeing better payouts, as you have frequently claimed here and elsewhere.
I have been farming with Chia CLI rather than Flexfarmer, mainly because I still have a mix of OG and NFT plots. I had been keeping some OG plots to stay in the lottery, but have been slowly replotting the last few weeks â with an eye to using Flexfarmer once I am done.
The security aspect of Flexfarmer discussed here is critical to me, and I would assume to all involved. Since you created this thread and have been promoting Flexpool on this forum, I would implore you to get definitive answers.
I am inclined to believe that JUST having the farmer secret key isnât enough to control the wallet, for the reasons described by @Digital. But even if that is confirmed (and it MUST be confirmed) two questions still remain:
-
Whether the block signing is performed by the Flexfarmer client (thus the farmer secret key never leaves my computer) OR by the Flexpool hosted full-node (in which case the farmer secret key is passed over the internet). As I am sure you recall from the Arbor Wallet debacle, this is a big deal!
-
If the farmer secret key is indeed stored in plaintext on the disk (as described by @thechiaplot). If so, I wonât even consider Flexfarmer.
Even though Flexpool sponsors (or partners with) DFI, I realize you did not create Arbor Wallet and had no hand in the decisions made there. But if you committed the same mistake with Flexfarmer, that concerns me, as it MAY speak to a laissez-faire attitude towards crypto security principles on the part of your devs.
I look forward to any answers you can provide on these questions. Thank you in advance!
Edit: I should probably add that all my rewards and payouts go to a cold wallet, so itâs not like a compromised farmer secret key would cause me to lose a fortune (even IF I owned a significant amount of XCH). This is a matter of principle and the attitude towards crypto security.
âTheâ private key is the one used to create the farmer_sk, pool _sk and walket_sk from. To farm you only need the farmer_sk.
I will not quote Gene Hoffman for a third time where he states that a pool that signs your block has your private key.
I know from personal experience that the GUI looks to match pk with sk for every challenge that passes the filter and have confirmed that the pk is most definitely required to sign a winning block. If your GUI cannot provide the pk within the required time then you will NOT win the block or even pass a challenge.
Passing challenges and winning blocks are integral parts of the farming process and cannot be done without your pk.
I watched the entire Gene Hoffman link eventually. They go into detail about the fact that Pooling Chia can be done safely through a browser interface with the pool having secure software that allows them to run the pool without signing your blocks. Their perspective was that the pool operators were pushing back as implementing the fix was an unexpected hurdle that cut into their profit margin.
@Aspy68 I guess we can agree nobody shoul run this farmer. A closed source application signing blocks is generally not healthy for a blockchain.
For that reason: Why should Gene waste time to explain your Chia is actually safe as long as you keep the master and wallet key secret?
I still believe running this farmer is safe for an individual farmer, but a threat to the blockchain once too many farmers decide to use it.
@Chris22 if you genuinly want to help the Chia community make this an open source application. If not we have to trust Flexpool nothing bad will happen once 51% of farmers use your farmer.
He says exactly the opposite. Gene states that if someone else is signing your block that they have your pk and have no need for your 24 word mnemonic. Basically if you allow someone to sign for you then you have given them your pk and failed at the task of keeping your wallet secure.
I am not saying Flexpool or any other pool is out to steal from you. Iâm sure most have the best of intentions.
Unfortunately, if your pk is in someone elseâs system then anything from a disgruntled employee to an external exploit of that system could give a talented evil peep the ability to drain every wallet working in the system/pool.
Hundreds of millions seem to be stolen from some crypto platform or another almost every month now.
This is an example of how those thefts happen.
I highly doubt Flexpool would ever get 51% of all farmers, let alone all of them use Flexfarmer in its current form. They say theyâre close to releasing a full-node client, which would overcome the issue of undermining decentralization of the blockchain. But I assume itâd still be closed source, as they donât want to give their advantage to competing pools who are just running reference code and havenât made the same investments.
There would be no interest in Flexfarmer in the first place if the official chia client wasnât such a bloated and buggy pile of memory hungry python code. Thatâs the real source of problems.
1 Like
I assume someone will fund open sourcing it by then or full blocks will cause everyone so many problems using the python node that enough farmers will move over that we get big enough that weâre willing to open source it. Several have wondered whether the current python node can handle network utilization at 100% and it seems like we will be finding out.
Madmax was sponsored by us and open sourced already. Weâre happy to take a Chia cultivation grant to open source our additional development. Or pools much larger than us with fees can fund their own development instead of telling us to work for free for their customers. Weâre 1% of the network with 0 fee and to my knowledge no pool even those 10x bigger than us with fees has released any helpful open source software. There are pools other than us who have released open source software after getting a Chia grant. Get one of the pools who has made money from Chia farmers or the Chia Network to go rewrite, fix all the errors, and improve upon the Proof of Space implementation. The top two pools have made millions off their farmers.
Indeed weâve told people to run it on a pi in a container with ports closed. Youâve asked a bunch of questions and Iâd suggest having a technical discussion with Alex on discord or searching past chats as weâve explained how it works and the blockchain bridge a few times. We donât sponsor DFI we have a deal with them to buy stuff.
PS: Not close close but several portions are completed and the real pain is going to be putting them all together and testing them now.
PS2: Last we checked around 20% of the pool is on Flexfarmer around 70-80PiB which is hardly network domination. In comparison HPool sits at 12.45 EiB.
Thank you. But my questions were not very technical at all, and they were questions echoed by others here. The audience on this forum deserves answers, and I believe it would serve Flexpoolâs interest to provide them. This is YOUR thread with Flexfarmer as its topic. I can think of no more relevant place to post that information.
Thanks again.
Yes, I hear you. And I do appreciate Flexpoolâs contributions.
As I wrote, I like farming with you, and I can confirm that I am making more than I did at Spacepool, even without Flexfarmer. I believe the fixed Difficulty=1 is what makes the biggest difference, as it avoids lost points caused by dynamically swinging Difficulty, which always overshoots before correcting. But thatâs a whole other discussion.
It is quite technical as its going into how we keep things secure which is going to require a technical discussion with Alex. That being said Iâve quoted his discord explanations below:
In regards to using the key you provide to access your wallet:
No where near how the actual implementation works, but think of child key derivation as a hash
[4:01 AM]
Mnemonic converts to master secret key
- [4:01 AM]
Then it is being hashed with some additional data that specifies that we are deriving specifically the farmer secret key, and by hashing it we get the farmer secret key
- [4:02 AM]
For spending funds, we need to have a wallet secret key, that is likewise derived from the master secret key
- [4:02 AM]
So in order to spend the funds while having farmer secret key only, you need to somehow reverse the hash function used at converting Master sk to Farmer sk
- [4:03 AM]
And reversing a hash function is impossible.
Farmer secret key is used to derive the plot secret key
[10:34 AM]
Which is used to sign blocks and partials
- [10:35 AM]
It is not used anywhere else for any purposes
So from our technical viewpoint, the key you use for signing blocks/partials is not able to hack your wallet and Gene is wrong. Just like your wallet key canât be used to sign blocks. Logically there wouldnât be different sub keys and names for them derived from the master if they were all the same. Feel free to go ask him on Keybase if the plot secret key can be used to access your wallet I assume he just misspoke during the AMA. Or go ask Blaktron/Chris from the Chiaplot heâs very outspoken with his criticism for us but he also is truthful and understands the tech.
PS: There is currently over 11.5 Million (14.2 in CAD) in ETH in our pool wallet. If we were going to cut and run weâd probably have done so after the first few million. Weâd also have registered the company somewhere with much worse regulations on an island somewhere. People trust billions to companies in the Seychelles and Caymans so I think being in Canada should get us a small boost in faith. That being said Iâm down for a very polite Canadian Bond Villain.
3 Likes
Boy, that was fast. Thank you very much!
This aligns with what @Digital posted: That separate secret keys are required to sign blocks/partials and to access the wallet. Even though both are derived from the master key (which in turn is derived from the mnemonic). And that makes sense. I do believe Gene was probably wrong. He is not the technical lead of Chia, and everybody makes mistakes.
Of course as a matter of principle, sharing a private key is never preferable, but in this case I understand why, and I can balance the pros and cons.
If you can collect answers to my other two questions as well, I would greatly appreciate it. I am not one to bug you guys with questions or criticism (youâve never heard from me before) but I do think these are critical to your case for Flexfarmer.
You make a fair argument for Flexpoolâs trustworthiness. But as you know, this place is a tough crowd (though less acerbic than Reddit). Of course Iâve seen you take pot shots too from time to time, so youâre in good company 
Quoted from:Chia Keys Architecture · Chia-Network/chia-blockchain Wiki · GitHub
âharvesters only store plot files, and provide the farmer with signatures by the local sk whenever necessary.â
âThe farmer can also periodically ask the pool for signatures, which are used to sign the pool reward coin.â
So the farmer has the local secret key âwhenever necessary.â and needs both your secret key and the pools sk when you win a block.
âRecall that each block is eligible to create two coinbase reward coins: the pool reward which is 7/8, and the farmer reward which is 1/8 + transaction fees.â
When you win a block, the GUI needs both your sk and the pools sk. Wallet sk is required for any transaction/reward.
If I am running the Chia client locally this is not a concern.
If I am running a non Chia closed source client I have no idea what the client is doing with this information we strive to guard.
As mentioned earlier this can all be avoided by using the Chia client and a browser based interface for the pool.
If any third party pool software/GUI/farmer is running then it has constant access to your main sk, your farmer sk and occasional access to your wallet sk. They are not secret keys anymore if someone else has access to them.
What is the point of public keys if your pool needs to use your private keys?
If I was a pool operator and members gave me the power to sign blocks for them, I could do the following:
- take a cut of the transaction fees. The pool member will happily get their .25 + 1.75 distribution, but it would be difficult to account for transaction fees
- as a signer of the block, I could shove in my own transaction into the block, bypassing mempool and not paying any fees myself (caveat: not an expert in blockchain technology, Iâm just theorizing)
All this is relevant as long as there are transaction fees to begin with (any miner value to extract). Which is not the case with Chia yet.
So those who are using Flexfarmer are taking advantage of their innovation for free (for now).
My French is rusty I believe your asking if weâre in Quebec. No weâre in BC.
Couldnât find a good Alex quote for those and heâs not on for a couple more hours so itâll have to be later.
1 Like
No rush. I appreciate it!
If any third party pool software/GUI/farmer is running then it has constant access to your main sk, your farmer sk and occasional access to your wallet sk. They are not secret keys anymore if someone else has access to them.
No. The closed source client in this regard is FlexFarmer, which we know does NOT have access to your mnemonic or any Chia related software/keys EXCEPT the user supplied farmer secret key. We know this because you do NOT need the Chia client running on the system with FlexFarmer.
FlexFarmer runs independently, replacing the need for a node/harvester etc as the farmer connects to FlexPoolâs own node. Again FlexFarmer does not require any other secret key except the farmer secret key, this key alone DOES NOT allow spending⊠if it did then there would be no need for child keys in the implementation. The farmer secret key is used only to create signatures of new blocks.
So the farmer has the local secret key âwhenever necessary.â and needs both your secret key and the pools sk when you win a block.
The reference to local sk signatures here are those held by harvesters (computers that only harvest plots and report back to another computer which has the farmer+node+wallet). These keys effectively just secure and validate the connection between the seperate computers and plot ownership.
Example system segregation:
Computer 1 - Cold Storage (offline): Has my Chia installation, mnemonic (master:all keys): Can spend
Computer 2 - Plotter (offline): Has MadMax (configured with public keys for plotting): Cannot spend
Computer 3 - Farmer (online): Has FlexFarmer (configured with farmer private key): Cannot spend
The wallet key is the ONLY key that allows spending. You cannot derive the wallet key from anything but the master key. If you only have a farmer key (as FlexFarmer does) you cannot generate the wallet key from it, they are both child keys of the master.
1 Like
This proves the point.
The Chia client requires your private keys. The farming process requires your private keys. Wallet transactions require your private keys.
Any GUI client needs your private keys to function.
The private keys are generated by the mnemonic when you first enter them. It is never done that way again. Once your private key id is generated it becomes just another string of data for the GUI. You and the GUI can easily return the pk without having to re-enter the mnemonic.
Exactly. This is the problem. Flexfarmer has to send a users pks and sks to your node for challenge and block validation and most importantly for any tranaction, including rewards.
With the Chia GUI I am the node and I sign my own blocks.
With Flexfarmer, you are signing the blocks on my behalf on your node. To do so you require the keys.
Back to Gene, "So if anybody is trying to tell you that they dont have your private key but they are going to sign a block on your behalf, they are dangerously lying.â
If I can tell my Chia GUI to give me my private keys then Flexfarmer has the same access. As you are still closed source there is no way for me to tell how well you have secured this information